<?php

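/**
 * Generate a random 10-character initial password.
 *
 * The alphabet omits the look-alike characters 0, I and l. With 59 symbols
 * and 10 positions the result carries roughly 58 bits of entropy, provided
 * the index source is unpredictable.
 *
 * @return string 10 characters drawn from the alphabet below
 */
function oh_mkpasswd()
{
	$characters = '123456789ABCDEFGHJKLMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
	// Derive the upper bound from the alphabet so the two cannot drift apart.
	$last = strlen($characters) - 1;

	$result = '';
	for ($i = 0; $i < 10; $i++) {
		// random_int() draws from the operating system CSPRNG. mt_rand() is a
		// Mersenne Twister whose output can be predicted from observed values,
		// which makes it unsuitable for generating credentials.
		$result .= $characters[random_int(0, $last)];
	}

	return $result;
}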

/**
 * Compute the password digest stored in (and compared against) `oh_users`.
 *
 * The digest is the SHA-1 of the username immediately followed by the
 * password, with no separator between them.
 *
 * NOTE(review): SHA-1 is a fast, unsalted-by-design hash; the username is the
 * only per-user input, so digests are cheap to brute-force if the table
 * leaks. Moving to password_hash()/password_verify() cannot be done here
 * alone: the callers in this file compare the digest inside the SQL WHERE
 * clause, so they and the stored values would have to migrate together.
 *
 * @param string $username value mixed in ahead of the password
 * @param string $password clear-text password
 * @return string 40-character lowercase hex digest
 */
function oh_crypt($username,$password)
{
	$material = $username . $password;

	return sha1($material);
}

/**
 * Check a password against the stored digest of the user named in the session.
 *
 * Reads the username from $_SESSION['user_name'], looks for a row in
 * `oh_users` whose username and oh_crypt() digest both match, and closes the
 * connection before returning.
 *
 * NOTE(review): the query is assembled by string concatenation. It depends on
 * real_escape_string() and therefore on the connection character set being
 * configured correctly; a prepared statement would remove that dependency.
 *
 * @param string $password clear-text password to verify
 * @return bool TRUE when a matching row exists, FALSE otherwise
 */
function oh_validate_pass($password)
{
	$user = $_SESSION['user_name'];

	$db = oh_sql_connect();

	// Escape, then lower-case: the same order the other account helpers in
	// this file use, so the digest input stays identical across them.
	$user = strtolower($db->real_escape_string($user));
	$digest = oh_crypt($user, $password);

	$query = "SELECT * FROM `oh_users` WHERE `username` = '".$user."' AND `password`='".$digest."'";

	$rows = oh_sql_query($db, $query);

	// Any returned row means username and digest both matched.
	$matched = ($rows->num_rows > 0);

	$db->close();

	return $matched;
}

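/**
 * Store the e-mail opt-in flag for the session user and mark the first login
 * as completed.
 *
 * Runs two UPDATE statements against `oh_users`: one for `recv_email`, one
 * setting `firstlogin` to 1. Does nothing when the session carries no
 * username.
 *
 * @param mixed $optin value validated as an integer before use
 * @return void
 */
function oh_update_email_settings($optin)
{
	// Without an authenticated username there is no row to update.
	if (!isset($_SESSION['user_name']) || $_SESSION['user_name'] === '')
	{
		return;
	}

	$optin = filter_var($optin, FILTER_VALIDATE_INT);
	if ($optin === false)
	{
		// filter_var() returns FALSE for non-integers, which would have been
		// concatenated into the query as an empty string. Fall back to 0.
		// NOTE(review): presumably 0 means "no e-mail" - confirm against the schema.
		$optin = 0;
	}

	$username=$_SESSION['user_name'];

	$con=oh_sql_connect();

	$username=$con->real_escape_string($username);
	$username=strtolower($username);

	// $optin is a validated integer at this point; $username is escaped above.
	$sql="UPDATE `oh_users` SET `recv_email`='".$optin."' WHERE `username` = '".$username."'";

	oh_sql_query($con,$sql);

	$sql="UPDATE `oh_users` SET `firstlogin`='1' WHERE `username` = '".$username."'";

	oh_sql_query($con,$sql);

	// Release the connection, as the other helpers in this file do.
	$con->close();
}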

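/**
 * Replace the stored password digest of the session user.
 *
 * The new digest comes from oh_crypt() over the escaped, lower-cased username
 * and the supplied password. Does nothing when the session carries no
 * username.
 *
 * NOTE(review): nothing in this function checks the current password or the
 * strength of the new one; confirm that the caller does (oh_validate_pass()
 * exists in this file for the former).
 *
 * @param string $password new clear-text password
 * @return void
 */
function oh_update_pass($password)
{
	// Never run a password UPDATE without an authenticated username.
	if (!isset($_SESSION['user_name']) || $_SESSION['user_name'] === '')
	{
		return;
	}

	$username=$_SESSION['user_name'];

	$con=oh_sql_connect();

	$username=$con->real_escape_string($username);
	$username=strtolower($username);

	// The digest is hex output of sha1(), so only $username needs escaping.
	$sql="UPDATE `oh_users` SET `password`='".oh_crypt($username,$password)."' WHERE `username` = '".$username."'";

	oh_sql_query($con,$sql);

	// Release the connection, as the other helpers in this file do.
	$con->close();
}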

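/**
 * Authenticate a user and, on success, populate the session.
 *
 * Looks up a row in `oh_users` whose username and oh_crypt() digest match.
 * On a match the session receives the login flag, user name, id, admin and
 * cleared flags, real name and an expiry of now + OH_IDLE_TIMEOUT.
 *
 * NOTE(review): no attempt throttling or lockout is visible in this function;
 * confirm the caller limits repeated failures.
 *
 * @param string $username login name as submitted
 * @param string $password clear-text password as submitted
 * @return string "firstlogin" when the row's firstlogin column is 0,
 *                "normal" for any other successful login, "fail" otherwise
 */
function oh_login_user($username,$password)
{
	$con=oh_sql_connect();

	// NOTE(review): string-built SQL; safety rests on real_escape_string()
	// and the connection character set. A prepared statement would be sturdier.
	$username=$con->real_escape_string($username);
	$username=strtolower($username);

	$sql="SELECT * FROM `oh_users` WHERE `username` = '".$username."' AND `password`='".oh_crypt($username,$password)."'";

	$result=oh_sql_query($con,$sql);

	if( $result->num_rows > 0)
	{
		$row=$result->fetch_assoc();

		// Issue a fresh session id at the privilege change so an id that was
		// known before authentication cannot be reused afterwards (session
		// fixation). Skipped when no session is active or headers have
		// already been sent, because the new cookie could not be delivered.
		if (session_status() === PHP_SESSION_ACTIVE && !headers_sent())
		{
			session_regenerate_id(true);
		}

		$_SESSION['user_login']=1;
		$_SESSION['user_name']=$row['username'];
		$_SESSION['user_id']=$row['uid'];
		$_SESSION['user_isadmin']=$row['admin'];
		$_SESSION['user_cleared']=$row['cleared'];
		$_SESSION['realname']=$row['firstname']." ".$row['lastname'];
		$_SESSION['expires'] = time() + OH_IDLE_TIMEOUT;
		if($row['firstlogin']==0)
			$success="firstlogin";
		else
			$success="normal";
	}
	else
	{
		$success="fail";
	}

	$con->close();

	return $success;
}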

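/**
 * Reset every login-related session value to its logged-out state.
 *
 * oh_login_user() stores the clearance flag under 'user_cleared', while this
 * function used to reset only 'cleared', so the flag survived a logout.
 * Both keys are reset now; 'cleared' is kept in case other code reads it.
 *
 * @return void
 */
function oh_logout_user()
{
	// close out the session
	$_SESSION['user_login']=0;
	$_SESSION['user_name']="";
	$_SESSION['user_id']=0;
	$_SESSION['user_cleared']=0;
	$_SESSION['cleared']=0;
	$_SESSION['user_isadmin']=0;
	$_SESSION['expires']=0;
	$_SESSION['realname']="";
}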

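/**
 * Register a new account, e-mail the generated password to the user and,
 * when OH_CC_ADMIN_ON_REG is 1, notify the administrator.
 *
 * NOTE(review): the generated password is sent in clear text by e-mail and
 * the mail() return values are not checked. The existence check and the
 * INSERT are two separate statements, so uniqueness presumably also needs a
 * unique index on `username` - confirm against the schema.
 *
 * @param string $username  requested login name (stored lower-cased)
 * @param string $email     address that receives the password
 * @param string $firstname
 * @param string $lastname
 * @param mixed  $meta_id   validated as an integer before use
 * @param mixed  $automated 1 selects the machine-readable return values
 * @return string "USERNAMECLASH" / "SUCCESS" when $automated is 1, otherwise
 *                an HTML message for display
 */
function oh_register_user($username,$email,$firstname,$lastname,$meta_id,$automated)
{
	$con=oh_sql_connect();

	$username=$con->real_escape_string($username);
	$username=strtolower($username);

	// Sanitize first, escape second. FILTER_SANITIZE_EMAIL removes backslashes
	// but keeps single quotes, so running it after real_escape_string() strips
	// the escaping again and leaves a raw quote in the INSERT below.
	$email = (string) filter_var($email, FILTER_SANITIZE_EMAIL);
	// Escaped copy for SQL only; mail() and the HTML message use $email.
	$email_sql = $con->real_escape_string($email);

	$firstname=$con->real_escape_string($firstname);
	$lastname=$con->real_escape_string($lastname);
	$password=oh_mkpasswd();
	// NOTE(review): an invalid $meta_id becomes FALSE here and reaches the
	// INSERT as an empty string; the intended fallback is not visible.
	$meta_id = filter_var($meta_id, FILTER_VALIDATE_INT);

	$sql="SELECT * FROM `oh_users` WHERE `username` = '".$username."'";

	$result=oh_sql_query($con,$sql);

	if( $result->num_rows > 0)
	{
		if($automated==1)
			$output="USERNAMECLASH";
		else
			// The message is returned for HTML display, so encode the
			// user-supplied name for that context.
			$output="Username ".htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')." is already registered.";
	}
	else
	{
		$sql="INSERT into `oh_users` (`username`,`email`,`firstname`,`lastname`,`password`,`cleared`,`meta_id`) VALUES ".
			"('".$username."',".
			"'".$email_sql."',".
			"'".$firstname."',".
			"'".$lastname."',".
			"'".oh_crypt($username,$password)."',".
			"'".OH_DEFAULT_CLEAR."',".
			"'".$meta_id."')";
		oh_sql_query($con,$sql);

		$subject = "Your registration for ".OH_TITLE;

		$message = "Your account on ".OH_TITLE." is now registered.\n".
			"\n".
			"Your username is ".$username."\n".
			"Your password is ".$password."\n".
			"\n".
			"Login at ". OH_URL ." to sign up for games.";

		$headers = "From: ". OH_ADMIN_EMAIL ."\r\n".
			"Reply-To: ". OH_ADMIN_EMAIL ."\r\n".
			"X-Mailer: PHP/". phpversion();

		// $email has had CR/LF removed by FILTER_SANITIZE_EMAIL, so it cannot
		// add extra header lines through the recipient argument.
		mail($email,
			$subject,
			$message,
			$headers);

		if(OH_CC_ADMIN_ON_REG==1)
		{
			$subject="New registration for ".OH_TITLE;
			$message="A new account has been registered on ".OH_TITLE.".\n
				\n
				Real name: ".$firstname." ".$lastname."\n
				Username: ".$username."\n";

			$headers = "From: ". OH_ADMIN_EMAIL ."\r\n".
				"Reply-To: ". OH_ADMIN_EMAIL ."\r\n".
				"X-Mailer: PHP/". phpversion();

			mail(OH_ADMIN_EMAIL,
				$subject,
				$message,
				$headers);
		}

		if($automated==1)
			$output="SUCCESS";
		else
			// HTML context: encode the address before embedding it.
			$output="Thank you for registering for ".OH_TITLE.". <br /> <br /> An email with your password will be sent to ".htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').".";
	}

	$con->close();

	return $output;
}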

?>